Language Selection

English French German Italian Portuguese Spanish

About Tux Machines

Friday, 23 Aug 19 - Tux Machines is a community-driven public service/news site which has been around for over a decade and a half and primarily focuses on GNU/LinuxSubscribe now Syndicate content

Search This Site

Hardware: Allwinner Processors, Intel SoC and RISC-V

Filed under
GNU
Linux
Hardware

Programming Leftovers

Filed under
Development
  • 7 Excellent R Natural Language Processing Tools

    Natural language processing (NLP) is a set of techniques for using computers to detect in human language the kinds of things that humans detect automatically.

    NLP is an exciting field of computer science, artificial intelligence, and computational linguistics concerned with the interactions between computers and human (natural) languages. It includes word and sentence tokenization, text classification and sentiment analysis, spelling correction, information extraction, parsing, meaning extraction, and question answering.

    In our formative years, we master the basics of spoken and written language. However, the vast majority of us do not progress past some basic processing rules when we learn how to handle text in our applications. Yet unstructured software comprises the majority of the data we see. NLP is the technology for dealing with our all-pervasive product: human language, as it appears in social media, emails, web pages, tweets, product descriptions, newspaper stories, and scientific articles, in thousands of languages and variants.

  • A muggle's guide to AWK arrays: 3

    Part 2 in this series looked at the 2-file command structure, where the first part of an AWK command created an array based on the first file, and the second part of the command used the array to filter a second file.

    Another way to think about this command structure is that an AWK array is like a lookup table, held in memory. You can use that lookup table for different kinds of data operations on another file. In this post I'll demonstrate reformatting and table joining.

  • Doing Math with Python in Python Humble Bundle

    "Doing Math with Python" is part of No Starch Press's Python Humble Bundle.

  • Kushal Das: A new tool to render my blog

    Now, I think it worked for me. I could focus on writing the actual content of the posts than anything else. The tool has a few flaws, but, none of them had any issue with my blogging requirements. It just worked for me. I could have written it in Python (in much less time), but, learning a new language is always fun.

The Linux kernel: Top 5 innovations

Filed under
Linux

The word innovation gets bandied about in the tech industry almost as much as revolution, so it can be difficult to differentiate hyperbole from something that’s actually exciting. The Linux kernel has been called innovative, but then again it’s also been called the biggest hack in modern computing, a monolith in a micro world.

Setting aside marketing and modeling, Linux is arguably the most popular kernel of the open source world, and it’s introduced some real game-changers over its nearly 30-year life span.

Read more

Removing Qt 4 from Ubuntu before the 20.04 release

Filed under
Ubuntu

I would like to completely remove Qt 4 from the Ubuntu archive before
the 20.04 release. This includes all of KDE 4 and dependencies.

The Debian Qt/KDE Team (which I am a part of) is raising the status of
the Qt 4 removal bugs to RC[1], and since the Qt 6 work is starting
upstream in the dev branch in the coming months, now is the time for Qt
4 to go.

My timeline for this is to change all of the bugs filed to ask people to
port[2] to removal bugs, and go over the list of Qt 4 reverse
dependencies one last time, so the removal can be done at the beginning
of the 20.04 cycle before the archive opens. This would make 19.10 the
last release with Qt 4.

Read more

Also: Ubuntu Planning To Drop Qt4 & Its Dependencies Ahead Of 20.04 LTS

The lifecycle of Linux kernel testing

Filed under
Linux

In Continuous integration testing for the Linux kernel, I wrote about the Continuous Kernel Integration (CKI) project and its mission to change how kernel developers and maintainers work. This article is a deep dive into some of the more technical aspects of the project and how all the pieces fit together.

Every exciting feature, improvement, and bug in the kernel starts with a change proposed by a developer. These changes appear on myriad mailing lists for different kernel repositories. Some repositories focus on certain subsystems in the kernel, such as storage or networking, while others focus on broad aspects of the kernel. The CKI project springs into action when developers propose a change, or patchset, to the kernel or when a maintainer makes changes in the repository itself.

Read more

today's howtos and leftovers

Filed under
Misc
HowTos
  • Making Sink(ed) contacts accessible to Plasma-Phonebook App
  • How to Delete MySQL Users Accounts
  • How to sync Google Contacts with Thunderbird
  • How to set the GNOME idle delay from the command line
  • Four Apollo Lake Pico-ITX SBCs start at $245 in single units

    Logic Supply has launched four Ubuntu-ready “EPM16x” Pico-ITX SBCs with Apollo Lake SoCs starting at $245. The $426 and up EPM163 has a Pentium N4200, 4GB LPDDR4, 64GB eMMC, mSATA, mini-PCIe, and 2x each of GbE, DP, and USB 3.0.

    We’ve reported on over a dozen Linux-friendly Pico-ITX boards with Intel Apollo Lake processors over the last few years, including most recently, Axiomtek’s PICO319 and IEI’s Hyper-AL. Yet, as some of our readers have complained, they are rarely announced with ship dates or prices, and if they are, they usually list only volume pricing.

  • Huawei Covers Android Gap with IoT OS

    If you’ve been watching the smartphone world, you may know of Huawei’s problems with the United States. Huawei has had a spotty history of spying on American technology, to the point where Huawei products have been banned from being sold in the US.

    Huawei responded by saying they would very much like to continue relations with Android and have been hoping they get a second chance with the technology giant. They have stated, however, that if they are officially cut off from Android, they would make their own OS.

  • Gaurav Agrawal: Google Summer of Code 2019 FINAL REPORT

    My Google Summer of Code (GSOC) project was focused on “Implementing split view” in gnome-gitg. This blog posts serves as my final submission to my Google Summer of Code project.

  • Command Line Heroes season 3, episode 5: The Infrastructure Effect: COBOL and Go

    Languages used for IT infrastructure don't have expiration dates. COBOL's been around for 60 years - and isn't going anywhere anytime soon. We maintain billions of lines of classic code for mainframes. But we're also building new infrastructures for the cloud in languages like Go.

  • Ubuntu Podcast from the UK LoCo: S12E20 – Outrun

    This week we’ve been experimenting with lean podcasting and playing Roguelikes. We discuss what goes on at a Canonical Roadmap Sprint, bring you some command line love and go over all your feedback.

    It’s Season 12 Episode 20 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Stuart Langridge are connected and speaking to your brain.

OSS Leftovers

Filed under
OSS
  • Open-Source Project Unveils Detailed Road Map for New Mainnet

    An open-source project that aims to create a smart economy based on blockchain technology has unveiled a new program designed to fuel its ecosystem’s growth — while setting out a detailed road map for its new mainnet.
    Neo says its EcoBoost scheme has been designed to support developers and projects that are already in its ecosystem, as well as those that wish to join. A total of $100 million has been allocated to the initiative — and in the first phase, the firm is seeking to establish long-term partnerships that will fuel the organic growth of its network. Media outlets, exchanges, decentralized application (DApp) distribution platforms and other blockchain infrastructures are being encouraged to express an interest in becoming an EcoBoost Partner, and Neo says it has already received numerous applications from “leading institutions and projects in the industry.”

  • Square Crypto Hires Blockstream Co-Founder, Open Source Bitcoin Dev

    Square Crypto announced on Twitter that they have hired Matt Corallo, Bitcoin software developer and co-founder of Blockstream.

  • 5 Arenas Where Open Source is the Undisputed Champion

    Open source software has come of age. It has now reached a level of maturity and capability where it simply cannot be ignored. Recent research[1] suggests that 82 percent of large organizations are more receptive to open source than they were five years ago and that C-level IT executives are now most likely to prefer an open source solution over proprietary alternatives.
    Over the years, everyone’s confidence and trust in open source software has been steadily growing. We’ve now reached the point where open source is the dominant player in many of the key technology trends shaping our world.

    [...]

    It’s widely acknowledged that Linux is the power behind the vast majority of public internet servers and that Unix-like operating systems are being used by about 70 percent of all web servers, with Linux taking the lion’s share.
    Why is that important?  Because even though we pay them little thought or attention, web and internet servers are responsible for stitching together the digital fabric that most of us rely on for communications and services every day.

    [...]

    There’s no denying that open source is here to stay.  I’ve been working with open source for almost a decade now and over that time I’ve seen how quickly open source solutions have taken off, gained acceptance and become the front runner is so many areas.

  • U-Boot Has Been Seeing Better x86 Support, EFI Improvements

    Google's Simon Glass who is part of the Chromium / Chrome OS team presented at this week's Embedded Linux Conference in San Diego on U-Boot. 

    U-Boot continues making good progress particularly on the embedded front for where this bootloader is most well known, but it's also been seeing increasing x86 support. Currently U-Boot supports around 10 different Intel SoCs and can handle booting from Coreboot on most boards. Intel Apollolake support is forthcoming to U-Boot. Additionally, FSP2 support for the newer version of Intel's firmware support package is being worked on for U-Boot. Also new on U-Boot's x86 front is slimbootloader support. 

  • Dustin J. Mitchell: Outreachy Round 20

    Outreachy is a program that provides paid internships working on FOSS (Free and Open Source Software) to applicants from around the world. Internships are three months long and involve deep, technical work on a mentor-selected project, guided by mentors and other developers working on the FOSS application. At Mozilla, projects include work on Firefox itself, development of associated services and sites like Taskcluster and Treeherder, and analysis of Firefox telemetry data from a data-science perspective.

    The program has an explicit focus on diversity: “Anyone who faces under-representation, systemic bias, or discrimination in the technology industry of their country is invited to apply.” It’s a small but very effective step in achieving better representation in this field. One of the interesting side-effects is that the program sees a number of career-changing participants. These people bring a wealth of interesting and valuable perspectives, but face challenges in a field where many have been programming since they were young.

  • AI open source leader H2O.ai secures funding worth $72.5 million

    Over the past couple of years, the Silicone-based company has raised a total of $147 million. Since its founding, H2O.ai has gone through a series of funding including its seed round in 2013. In 2017, it saw one of its biggest growth after a Series C funding that raised $75 million. Wells Fargo and NVIDIA led the funding with their $40 million investment. Other participants included Crane Venture Partners, New York Life, Transamerica Ventures, and Nexus Venture Partners.

Security Leftovers

Filed under
Security
  • Cryptojacking Code Found in 11 Open Libraries, Thousands Infected

    A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times.
    Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

  • Malicious cryptojacking code found in 11 Ruby libraries

    Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people.

    The latest heist, discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.

  • Cryptojacking Scripts Found in 11 Open-Source Code Libraries

    According to a Decrypt report, the malware was discovered on Tuesday inside Github code repository, infecting the language manager called RubyGems.

  • First‑of‑its‑kind spyware sneaks into Google Play
  • Open-source spyware bypasses Google Play defenses — twice

    Radio Balouch — the app in question — is a legitimate radio application serving Balouchi music enthusiasts, except that it also included AhMyth, a remote access espionage tool that has been available on GitHub as an open-source project since late 2017.

    Lukas Stefanko, ESET researcher who uncovered the campaign, said the app was uploaded twice on Google Play — once on July 2 and a second time on July 13 — only to be swiftly removed by Google within 24 hours upon being alerted by the security team. It continues to be available on third-party app stores.

    While the service’s dedicated website “radiobalouch.com” is no longer accessible, the attackers also seem to have promoted the app on Instagram and YouTube. The app, in total, attracted over 100 installs.

  • 61 impacted versions of Apache Struts left off security advisories

    Security researchers have reviewed security advisories for Apache Struts and found that two dozen of them inaccurately listed affected versions for the open-source development framework.

    The advisories have since been updated to reflect vulnerabilities in an additional 61 unique versions of Struts that were affected by at least one previously disclosed vulnerability but left off the security advisories for those vulnerabilities.

  • Sectigo Sponsors Automated Certificate Issuance and Renewal in Electronic Frontier Foundation’s Certbot Open Source Software Tool

    Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, today announced its sponsorship of Electronic Frontier Foundation’s (EFF) free, open source software tool, Certbot, to support efforts to encrypt the entire internet and build a network that is more structurally private, safe, and protected against censorship.

GNU Parallel 20190822 ('Jesper Svarre') released [stable]

Filed under
GNU

GNU Parallel 20190822 ('Jesper Svarre') [stable] has been released. It is available for download at: http://ftpmirror.gnu.org/parallel/

No new functionality was introduced so this is a good candidate for a stable release.

GNU Parallel is 10 years old next year on 2020-04-22. You are here by invited to a reception on Friday 2020-04-17.

Read more

KDE ISO Image Writer – Release Announcement

Filed under
KDE

My GSoC project comes to an end and I am going to conclude this series of articles by announcing the release of a beta version of KDE ISO Image Writer.

Read more

Also: How I got a project in Labplot KDE

Linux Foundation: Automotive Grade Linux Announcement and Calling Surveillance Operations "Confidential Computing"

Filed under
Linux
OSS
Security
  • Automotive Grade Linux Announces New Instrument Cluster Expert Group and UCB 8.0 Code Release

    Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced a new working group focused on Instrument Cluster solutions, as well as the latest code release of the AGL platform, the UCB 8.0.

    The AGL Instrument Cluster Expert Group (EG) is working to reduce the footprint of AGL and optimize the platform for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack. Formed earlier this year, the group plans to release design specifications later this year with an initial code release in early 2020.

    “AGL is now supported by nine major automotive manufacturers, including the top three producers by worldwide volume, and is currently being used in production for a range of economy and luxury vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “The new Instrument Cluster Expert Group, supported by several of these automakers, will expand the use cases for AGL by enabling the UCB platform to support solutions for lower-cost vehicles, including motorcycles.”

  • Shhh! Microsoft, Intel, Google and more sign up to the Confidential Computing Consortium

    The Linux Foundation has signed up the likes of Microsoft and Google for its Confidential Computing Consortium, a group with the laudable goal of securing sensitive data.

    The group – which also includes Alibaba, Arm, Baidu, IBM, Intel, Red Hat, Swisscom and Tencent – will be working on open-source technologies and standards to speed the adoption of confidential computing.

    The theory goes that while approaches to encrypting data at rest and in transit have supposedly been dealt with, assuming one ignores the depressingly relentless splurts of user information from careless vendors, keeping it safe while in use is quite a bit more challenging. Particularly as workloads spread to the cloud and IoT devices.

  • Tech giants come together to form cloud security watchdog

    Some of the world’s biggest technology companies are joining forces to improve the security of files in the cloud. This includes Google, IBM, Microsoft, Intel, and many others.

    The news first popped up on the Linux Foundation, where it was said that the Confidential Computing Consortium will work to bring industry standards and identify the proper tools to encrypt data used by apps, devices and online services.

    At the moment, cloud security solutions focus to protect data that’s either resting, or is in transit. However, when the data is being used is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.”

  • Tech firms join forces to boost cloud security

    Founding members of the group – which unites hardware suppliers, cloud providers, developers, open source experts and academics – include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

    [...]

    “The earliest work on technologies that have the ability to transform an industry is often done in collaboration across the industry and with open source technologies,” said Jim Zemlin, executive director at the Linux Foundation.

    “The Confidential Computing Consortium is a leading indicator of what is to come for security in computing and will help define and build open technologies to support this trust infrastructure for data in use.”

  • Google, Intel and Microsoft form data protection consortium
  • Intel Editorial: Intel Joins Industry Consortium to Accelerate Confidential Computing

    Leaders in information and infrastructure security are well versed in protecting data at-rest or in-flight through a variety of methods. However, data being actively processed in memory is another matter. Whether running on your own servers on-prem, in an edge deployment, or in the heart of a cloud service provider’s data center, this “in-use” data is almost always unencrypted and potentially vulnerable.

  • Confidential Computing: How Big Tech Companies Are Coming Together To Secure Data At All Levels

    Data today moves constantly from on-premises to public cloud and the edge, which is why it is quite challenging to protect. While there are standards available that aim to protect data when it is in rest and transit, standards related to protecting it when in use do not exist. Protecting data while in use is called confidential computing, which the Confidential Computing Consortium is aiming to create across the industry.

    The Confidential Computing Consortium, created under the Linux Foundation, will work to build up guidelines, systems and tools to ensure data is encrypted when it’s being used by applications, devices and online services. The consortium says that encrypting data when in use is “the third and possibly most challenging step to providing a fully encrypted lifecycle for sensitive data.” Members focused on the undertaking are Alibaba, ARM, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom and Tencent.

  • IT giants join forces for full-system data security

    Apple is conspiciously missing from the consortium, despite using both Intel hardware and inhouse designed ARM-based processors.

    Of the first set of commitments, Intel will release its Software Guard Extensions (SGX) software development kit as open source through the CCC.

  • Google, Intel, and Microsoft partner to improve cloud security

    Some of the biggest names in tech have banded together in an effort to promote industry-wide security standards for protecting data in use.

  • Alibaba, Baidu, Google, Microsoft, Others Back Confidential Computing Consortium

    The Confidential Computing Consortium aims to help define and accelerate open-source technology that keeps data in use secure. Data typically gets encrypted by service providers, but not when it’s in use. This consortium will focus on encrypting and processing the data “in memory” to reduce the exposure of the data to the rest of the system. It aims to provide greater control and transparency for users.

  • Microsoft, Intel and others are doubling down on open source Linux security

    In other words, the operating system could be compromised by some kind of malware, but the data being used in a program would still be encrypted, and therefore safe from an attacker.

  • Microsoft, Intel, and Red Hat Back Confidential Computing

    The Linux Foundation’s latest project tackles confidential computing with a group of companies that reads like a who’s who of cloud providers, chipmakers, telecom operators, and other tech giants.

    Today at the Open Source Summit the Linux Foundation said it will form a new group called the Confidential Computing Consortium. Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent all committed to work on the project, which aims to accelerate the adoption of confidential computing.

IBM/Red Hat: OpenShift, CUDA, Jim Whitehurst, VMworld and RHELvolution

Filed under
Red Hat
  • Red Hat Launches OpenShift Service Mesh to Accelerate Adoption of Microservices and Cloud-Native Applications

    Red Hat, Inc., the world's leading provider of open source solutions, today announced the general availability of Red Hat OpenShift Service Mesh to connect, observe and simplify service-to-service communication of Kubernetes applications on Red Hat OpenShift 4, the industry’s most comprehensive enterprise Kubernetes platform. Based on the Istio, Kiali and Jaeger projects and enhanced with Kubernetes Operators, OpenShift Service Mesh is designed to deliver a more efficient, end-to-end developer experience around microservices-based application architectures. This helps to free developer teams from the complex tasks of having to implement bespoke networking services for their applications and business logic.

  • CUDA 10.1 U2 Adds RHEL8 Support, Nsight Compute Tools For POWER

    NVIDIA last week quietly released a second update to CUDA 10.1.

    CUDA 10.1 Update 2 brings Red Hat Enterprise Linux 8.0 support, continued POWER architecture support improvements, and other additions.

  • IBM Stock and Jim Whitehurst’s Toughest Test

    What analysts say they want from IBM stock is Red Hat CEO Jim Whitehurst in current CEO Virginia Rometty’s chair. They want Red Hat running IBM.

    That wasn’t the promise when this deal was put together. The promise was that Red Hat would get autonomy from IBM, not that IBM would lose its autonomy to Red Hat. But Whitehurst’s concept of an Open Organization has excited analysts who don’t even know what it is.

    If IBM became an Open Organization, these analysts think, it would replace the top-down structure IBM has used for a century with an organic system in which employees and customers are part of the product design process. Instead of selling gear or even solutions, IBM would become a corporate change agent.

  • Going to VMWorld? Learn to help data scientists and application developers accelerate AI/ML initiatives

    IT experts from around the world are headed to VMworld 2019 in San Francisco to learn how they can leverage emerging technologies from VMware and ecosystem partners (e.g. Red Hat, NVIDIA, etc.) to help achieve the digital transformation for their organizations. Artificial Intelligence (AI)/Machine Learning (ML) is a very popular technology trend, with Red Hat OpenShift customers like HCA Healthcare, BMW, Emirates NBD, and several more are offering differentiated value to their customers. Investments are ramping up across many industries to develop intelligent digital services that help improve customer satisfaction, and gain competitive business advantages. Early deployment trends indicate AI/ML solution architectures are spanning across edge, data center, and public clouds.

  • RHELvolution 2: A brief history of Red Hat Enterprise Linux releases from RHEL 6 to today

    In the previous post, we looked at the history of Red Hat Enterprise Linux from pre-RHEL days through the rise of virtualization. In this one we'll take a look at RHEL's evolution from early days of public cloud to the release of RHEL 8 and beyond.

Programming: Jupyter, Python, Django and Git

Filed under
Development
  • Jupyter Notebook for Beginners: A Tutorial

    The Jupyter Notebook is an incredibly powerful tool for interactively developing and presenting data science projects. This article will walk you through how to set up Jupyter Notebooks on your local machine and how to start using it to do data science projects.

    First, though: what is a “notebook”? A notebook integrates code and its output into a single document that combines visualizations, narrative text, mathematical equations, and other rich media. This intuitive workflow promotes iterative and rapid development, making notebooks an increasingly popular choice at the heart of contemporary data science, analysis, and increasingly science at large.

    Best of all, as part of the open source Project Jupyter, they are completely free.

    The Jupyter project is the successor to the earlier IPython Notebook, which was first published as a prototype in 2010. Although it is possible to use many different programming languages within Jupyter Notebooks, this article will focus on Python as it is the most common use case. (Among R users, R Studio tends to be a more popular choice).

  • Python for NLP: Creating Multi-Data-Type Classification Models with Keras

    This is the 18th article in my series of articles on Python for NLP. In my previous article, I explained how to create a deep learning-based movie sentiment analysis model using Python's Keras library. In that article, we saw how we can perform sentiment analysis of user reviews regarding different movies on IMDB. We used the text of the review the review to predict the sentiment.

    However, in text classification tasks, we can also make use of the non-textual information to classify the text. For instance, gender may have an impact on the sentiment of the review. Furthermore, nationalities may affect the public opinion about a particular movie. Therefore, this associated info, also known as meta data can also be used to improve accuracy of statistical model.

    In this article, we will build upon the concepts that we studied in the last two articles and will see how to create a text classification system that classifies user reviews regarding different business, into one of the three predefined categories i.e. "good", "bad", and "average". However, in addition to the text of the review, we will use the associated meta data of the review to perform classifcation. Since we have two different types of inputs i.e. textual input and numerical input, we need to create a multiple inputs model. We will be using Keras Functional API since it supports multiple inputs and multiple output models.

  • Django Template Fiddle Launched !!!!

    This is not an article. We just want to inform you that we have launched our new platform where you can experiment, play or fiddle with Django Templates.

  • Python Script 16: Generating word cloud image of a text using python

    Word cloud is an image composed of words used in a particular text or subject, in which the size of each word indicates its frequency or importance.

  • Python 3.7.3 : Using the inotify.
  • Git is eating the world

    The inception of Git (2005) is more or less the halfway point between the inception of Linux (1991) and today (2019). A lot has happened since. One thing is clear however: software is eating the world and Git is the fork with which it is being eaten. (Yes, pun intended).

CoreCtrl: A Radeon Settings Alternative For Linux

Filed under
Graphics/Benchmarks
Linux
Software

It’s a frustrating reality for Linux users that Windows software counterparts tend to be better. They may offer greater functionality, better design, and be easier-to-use. There are some exceptions, such as with the NVIDIA Linux GPU driver, which offers two features the Windows version doesn’t: temperature monitoring, and fan control. For the most part, though, things like driver control panels are a scarcity in Linux.

Read more

Also: New Intel Lightning Mountain SoC Appears in Linux Code

Total War: THREE KINGDOMS Comes to GNU/Linux

Filed under
GNU
Linux
Gaming

Security: One More Steam Windows Client Local Privilege Escalation 0day, New FOSS Patches, Major Metapackage Makeover in Kali and Securing Crypto Wallets

Filed under
Security
  • One more Steam Windows Client Local Privilege Escalation 0day

    Not long ago I published an article about Steam vulnerability. I received a lot of feedback. But Valve didn’t say a single word, HackerOne sent a huge letter and, mostly, kept silence. Eventually things escalated with Valve and I got banned by them on HackerOne — I can no longer participate in their vulnerability rejection program (the rest of H1 is still available though).

    You can read the story in more detail in previous article, here is a couple of words about current situation.

    And it’s sad and simple — Valve keeps failing. Last patch, that should have solved the problem, can be easily bypassed (https://twitter.com/general_nfs/status/1162067274443833344) so the vulnerability still exists. Yes, I’ve checked, it works like a charm.

    But this article is not about an old vulnerability, it’s about new one. Since Valve decided to read a public report instead of private report one more time, I won’t take that pleasure away from them.

  • Security updates for Thursday

    Security updates have been issued by Fedora (nginx), openSUSE (ImageMagick and putty), Red Hat (Ansible, atomic-openshift-web-console, ceph, and qemu-kvm-rhev), SUSE (kvm, libssh2_org, postgresql96, qemu, and wavpack), and Ubuntu (libzstd and openjpeg2).

  • Major Metapackage Makeover

    With our 2019.3 Kali release imminent, we wanted to take a quick moment to discuss one of our more significant upcoming changes: our selection of metapackages. These alterations are designed to optimize Kali, reduce ISO size, and better organize metapackages as we continue to grow.

    Before we get into what’s new, let’s briefly recap what a metapackage is. A metapackage is a package that does not contain any tools itself, but rather is a dependency list of normal packages (or other metapackages). This allows us to group related tools together. For instance, if you want to be able to access every wireless tool, simply install the kali-tools-wireless metapackage.

  • Securing Your Crypto Wallet

    When it came time to create my CryptocurrencyOS, based on Linux Mint I wanted to solve some practical user and security issues. The end result was for people to have their own crypto wallets in a secure, opensource, environment and encourage more adoption of cryptocurrency. I applied some of my experience with some of the products I developed for compevo and Techrich.

    The first problem is that a lot of people don’t even know how to find or download a wallet (at least safely, since there are a lot of fake / malware wallets that steal people’s coins). If they don’t know how to avoid the above, then how would they be able to secure their computer?

Syndicate content